At the Cyber Days, organized at the beginning of March in Lyon, artificial intelligence and the evolution of security systems were at the heart of the discussions. Yet, through the feedback and experience shared, one observation became clear: behind the infrastructures and the tools, cybersecurity remains a profoundly human issue.

Behind the data, there are people.

Organizations are modernizing their systems, migrating their data to the cloud, and multiplying interconnections between applications.

Each new API, each data flow, and each connected service expands the surface exposed to attacks.

Artificial intelligence adds an additional layer of complexity. Models, data pipelines, and automated assistants multiply the technical components and information flows that must be secured.

For Guillaume Poupard, Chief Trust Officer at Orange, the challenge of the coming years will above all be the protection of people, particularly in the face of data breaches that directly affect users of digital services.

Cybersecurity therefore also raises a question of trust and responsibility for organizations.

Social engineering: a still highly effective attack vector

Despite the sophistication of security systems, most successful attacks begin with ordinary situations.

An ongoing conversation, an expected attachment, a message appearing to come from a legitimate authority.

During the Cyber Days, one executive recounted how an attack had started with a malicious document inserted into an existing discussion thread.

The attachment appeared legitimate, and an employee opened it. The intrusion remained invisible for several days, giving the attackers time to move through the system. It was only when the information system became paralyzed that the company realized it had fallen victim to an attack.

The full recovery of operations took nearly nine months and cost the company around two million euros.

These attacks do not rely solely on technical vulnerabilities.
They exploit simple human mechanisms: trust between colleagues, work habits, or the pressure of urgency.

Cybersecurity becomes a matter of culture

These accounts highlight the limits of traditional awareness programs.

In many organizations, prevention still amounts to an annual training session and a few internal communication campaigns.

Yet security primarily relies on the daily reflexes of teams.

One workshop highlighted approaches tested internally: sharing stories of attacks experienced by the company, organizing moments of discussion such as cyber breakfasts, or appointing “cyber champions” responsible for relaying best practices within teams.
These spaces also help put a face to cybersecurity: knowing whom to contact when a doubt arises.

These initiatives show the growing importance of communication in cybersecurity and in the roles of CIOs and CISOs. Beyond managing infrastructure and vulnerabilities, their mission now involves establishing a culture of vigilance and strengthening the organization’s digital resilience. Because cyber risk must first be told before it can be controlled.

The cyber strategy promoted in the Auvergne-Rhône-Alpes region follows this same logic by encouraging business awareness and cooperation among actors in the regional ecosystem, notably through initiatives such as the certification of the regional Cyber Campus.

About the Cyber Days

Les Journées de la Cyber est un événement dédié à la cybersécurité organisé en Auvergne-Rhône-Alpes par Digital League, le Clusir, l’ADIRA, l’ENE et Minalogic. 
Pour sa 5ᵉ édition, la rencontre a réuni experts, décideurs et acteurs du numérique autour de retours d’expérience et d’échanges consacrés aux pratiques et aux solutions de cybersécurité. 

Similar Insights

All insights